| Name |
Resource Leak Exposure |
|
| Likelyhood of attack |
Typical severity |
| Medium |
Medium |
|
| Summary |
An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests. |
| Prerequisites |
The target must have a resource leak that the adversary can repeatedly trigger. |
| Solutions | If possible, leverage coding language(s) that do not allow this weakness to occur (e.g., Java, Ruby, and Python all perform automatic garbage collection that releases memory for objects that have been deallocated). Memory should always be allocated/freed using matching functions (e.g., malloc/free, new/delete, etc.) Implement best practices with respect to memory management, including the freeing of all allocated resources at all exit points and ensuring consistency with how and where memory is freed in a function. |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-404 |
Improper Resource Shutdown or Release |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1499 |
Endpoint Denial of Service |
|
| Taxonomy: WASC |
|
Entry ID
|
Entry Name
|
| 10 |
Denial of Service |
|